Language Selection

English French German Italian Portuguese Spanish

Microsoft, Linux vendors slow to fix flaw

Filed under
Security

Colin Percival detailed the vulnerability -- which affects versions of Intel's CPU that use a technology called hyper-threading -- at a conference on May 13.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to login simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago -- in time to test it extensively before releasing it on May 13th," Percival told ZDNet Australia .

"I made it quite clear to everyone that I would be releasing my paper on that date and that they should make sure they were ready by then," he added.

Although the problem only affects multi-user servers, these machines are widely used. "The most obvious example is shared Web servers, which constitutes the vast majority of small e-commerce sites," he said. "On these systems the flaw is very serious."

Full Story.

More in Tux Machines

Mutter Updated for GNOME 3.20 to Fix the X11/Wayland Copy and Paste Interaction

The GNOME developers are always hard at work patching bugs in the popular desktop environment used by default in many GNU/Linux operating systems, and today they've updated the GNOME Shell and Mutter components. Read more

Whitehurst: Free OSS Red Hat's biggest competition in Asia

Red Hat still faces a major challenge convincing organisations to pay for its services, especially in markets such as China where there is widespread use of free, open source alternatives, says CEO Jim Whitehurst. Read more

Red Hat CEO issues call to arms for open source participation

Broadening the strength and depth of the open source community has always been a goal that has been supported by vendors and businesses alike, but a call to arms for a greater participation was the message that Red Hat wanted to get across at its annual summit. The Red Hat Summit in San Francisco was an opportunity for CEO Jim Whitehurst to talk about the ideology of open source during his keynote presentation, and a message of changing hierarchies underpinned much of what he said. Read more

Avoiding bad practices in open source project management

This whole list has been inspired by many years of open source hacking and free software contributions. Everyone's experiences and feelings might be different, or malpractice may have been seen under different forms. Let me know if there are any other points that you encountered that blocked you from contributing to open source projects! Read more